New York Institute of Technology School of Management
MGMT 755 Security Risk Analysis
Dr. Benjamin Khoo kkhoo@nyit.edu
Chapter 1: (Introduction – FAQ)
• Why should a Risk Assessment be conducted?
• When should a Risk Analysis be conducted?
• Who should conduct the Risk Analysis and Risk Assessment?
• Who within the organization should conduct the Risk Analysis and Risk Assessment?
• How long should a Risk Analysis or Risk Assessment take?
• What can a Risk Analysis or Risk Assessment Analyze?
• What can the results of Risk Management tell an Organization?
• Who should review the results of a Risk Analysis?
• How is the success of the Risk Analysis measured?
Chapter 2: Risk Management I
• Overview
  - RM used to balance operational & economic costs of protective measures (IS) and achieve gains in mission capability.
  - Made up of:
    1. risk analysis
    2. risk assessment
    3. risk mitigation
    4. vulnerability assessment & controls evaluation
  See Table 2.1 for definitions.
• Risk Assessment as part of the business process
  See Figure 2.1
  Risk Management Activities mapped to the SDLC
  See Table 2.2
• Employee Roles and Responsibilities
  See Table 2.3, Table 2.4 & Table 2.5 for examples.
• Information Security Life Cycle
  See Figure 2.2
• Risk Analysis Process
• Risk Assessment
  1. Asset Definition
  2. Threat Identification (See Table 2.6)
  3. Determine Probability of Occurrence
  4. Determine the Impact of the Threat (See Figure 2.3 and Figure 2.4)
  5. Controls Recommended
  6. Documentation